MGM Resorts' Las Vegas operations to sustain a $100 million financial loss due to a cyberattack
MGM Resorts, a leading hospitality company, faced a major cyberattack in September 2023. The attack, attributed to the threat group Scattered Spider working in some capacity with ALPHV/BlackCat, compromised sensitive customer data and caused operational disruptions at MGM's 31 resorts.
The breach was first discovered between September 8 and September 12, and led to widespread operational disruptions, including shutdowns of hotel check-ins, casino operations, digital services, on-site ATMs, remote room keys, and parking charges. The attack caused an estimated loss of about $100 million for MGM Resorts, encompassing lost revenue, consulting and legal fees, recovery costs, security upgrades, and compliance expenditures.
Security researchers believe MGM Resorts refused to pay a demanded ransom, which is part of the reason why the disruptions continued for many weeks. Following initial access, the ALPHV/BlackCat ransomware group deployed a "double-extortion" ransomware attack, encrypting MGM's data while exfiltrating unencrypted versions to coerce ransom payment. This tactic threatens further public exposure of stolen data and regulatory penalties if the ransom is refused.
The breach compromised sensitive customer data including driver's license numbers and possibly Social Security numbers, posing significant privacy and security risks to affected individuals. Customers were notified directly if their information was accessed, and free credit monitoring is being offered. MGM Resorts expects it has enough insurance coverage to cover the financial impact of the attack, but has not yet fully determined the scope.
In addition to the financial impact, MGM Resorts is also facing multiple lawsuits from customers in the U.S. District Court in Nevada alleging negligence and unjust enrichment. Hotel occupancies at MGM Resorts fell to 88% during September, compared to 93% the prior year, due to the cyberattack disrupting the company's website and mobile apps used for reservations.
Despite the setbacks, MGM Resorts expects a strong fourth quarter and a "record" November, driven by the upcoming Formula 1 race event. JMP Securities analyst Jordan Bender estimated that the attack would cost MGM Resorts several million dollars per day due to operational disruptions. MGM Resorts will incur about $10 million in costs for technology consultants, legal fees, and other third-party advisors due to the cyberattack.
The attack highlights the critical importance of robust helpdesk security and identity access management controls in large enterprises. MGM Resorts confirmed that the attack was initiated by a social engineering attack on its systems through a vishing call to the IT helpdesk, impersonating an MGM employee based on LinkedIn information. This led to the helpdesk resetting credentials, granting the attackers privileged access to MGM's identity management systems like Okta and Azure AD, thus compromising user accounts and security controls.
Caesars Entertainment, another hospitality company, also suffered a cyberattack that compromised rewards data for its customers. The financial impact of the attack, according to Bender, would be a "drop in the bucket" for MGM Resorts, given its expected annual EBITDAR of $4.7 billion.
In a positive development, MGM Resorts disclosed the cyberattack promptly to the SEC and cooperated with international law enforcement, resulting in the arrest (and release on bail) in July 2024 of a 17-year-old suspect from the UK linked to the hack and ransom attempt.
In summary, the MGM Resorts social engineering attack exploited human vulnerabilities to gain privileged access, led to a sophisticated ransomware assault causing multiday operational disruptions, exposed sensitive customer data, resulted in substantial financial damages, and triggered legal actions including arrests and regulatory disclosures. This attack underscores the need for robust cybersecurity measures in the hospitality industry.
- The data breach at MGM Resorts, a leading hospitality company, was initiated by a social engineering attack on its systems, specifically targeting its IT helpdesk through a vishing call.
- The breach, attributed to the threat group Scattered Spider working with ALPHV/BlackCat, compromised sensitive customer data such as driver's license numbers and possibly Social Security numbers, posing significant privacy and security risks.
- The ransomware attack, which utilized a "double-extortion" tactic, caused operational disruptions at MGM's 31 resorts, including shutdowns of casino operations and digital services. The estimated loss for MGM Resorts was around $100 million.
- In response to the cyberattack, MGM Resorts is emphasizing the importance of robust helpdesk security and identity access management controls in large enterprises, particularly within the Las Vegas casino and gambling industry.